Subject: RE: SO login into non-initialized token
the finding that most of the other CKR_USER_* codes apply to both roles is very convincing. Just extending the error description in such a way that it applies to the SO as well seems to be the easiest solution.
We do the same here… we return CKR_USER_PIN_NOT_INITIALIZED in this case.
That is unfortunate that the error code is described that way. In hind sight, I would have preferred if the description was so that it applies to the whichever role (CKU_SO or CKU_USER) is attempting to login via C_Login.
Should we consider modifying the description as such?
I agree, none of the existing error codes seem to fit this scenario. Should we introduce CKR_SO_PIN_NOT_INITIALIZED?
I don’t have a strong opinion either way, but if I was forced to pick one, I think I prefer modifying the description. Most of the other CKR_USER_XXX error codes apply to both roles (CKU_SO and CKU_USER). I think this one probably should as well.
Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com
Seat: Aachen – Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managementboard: Malte Pollmann (Chairman) CEO, Dr. Frank J. Nellissen CFO
This communication is confidential. We only send and receive email on the basis of the terms set out at https://www.utimaco.com/en/e-mail-disclaimer/